A kernel memory corruption vulnerability is present in the VMware Tools “Shared Folders” (HGFS) feature running on Microsoft Windows. Successful exploitation of this issue could lead to an escalation of privilege in the guest operating system.

VMware would like to thank Dmitry Janushkevich from the Secunia Research Team for reporting this issue to us.

Note: This vulnerability does not allow for privilege escalation from the guest operating system to the host. Host memory can not be manipulated from the guest operating system by exploiting this flaw.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2015-6933 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware

Product

Running

Replace with/

Product

Version

on

Apply Patch*

VMware ESXi

6.0

ESXi

ESXi600-201601102-SG

VMware ESXi

5.5

ESXi

ESXi550-201512102-SG

VMware ESXi

5.1

ESXi

ESXi510-201510102-SG

VMware ESXi

5.0

ESXi

ESXi500-201510102-SG

VMware Workstation

12.x.x

Any

not affected

VMware Workstation

11.x.x

Any

11.1.2

VMware Player

12.x.x

Any

not affected

VMware Player

7.x.x

Any

7.1.2

VMware Fusion

8.x.x

OSX

not affected

VMware Fusion

7.x.x

OSX

7.1.2

*After the update or patch is applied, VMware Tools must also be updated in any Windows-based guests that include the “Shared Folders” (HGFS) feature to resolve CVE-2015-6933. The affected “Shared Folders” (HGFS) feature is installed by default on hosted (Workstation, Fusion, Player) products only. Alternatively, version 10.0.0 of VMware Tools is available for independent download and includes the fix.

4. SolutionPlease review the patch/release notes for your product and version and verify the checksum of your downloaded file.